Fetching memberOf attribute
Matvey Teplov
matvey.teplov at nomios.nl
Wed May 14 15:18:58 UTC 2025
Hi Guys,
I cannot get the ldap module to fetch a memberOf attribute from AD - it is not putting it as a filter parameter in the LDAP search packet. I need this list later, for the port-authentication phase, to search through the groups in session-state:LDAP-Group[*] to identify which ones are present and return a proper VSA. The LDAP configuration is as follows:
ldap {
    server = 'abc.nomios.nl'
    identity = 'CN=ABC,OU=ABC,DC=nomios,DC=nl'
    password = '#######'
    base_dn = 'DC=nomios,DC=nl'
    user {
        base_dn = "${..base_dn}"
        filter = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
        scope = 'sub'
        access_attr = "memberOf"
        attribute {
            memberOf := 'session-state:LDAP-Group'
        }
    }
#   group {
#       base_dn = "${..base_dn}"
#       membership_attribute = 'memberOf'
#   }
    options {
        chase_referrals = no
        rebind = yes
        ldap_debug = 1
        timeout = 10
        timelimit = 3
        net_timeout = 1
        idle = 60
    }
    tls {
        start_tls = no
    }
    update {
        session-state:LDAP-Group := "%{ldap:memberOf}"
    }
}
If I run ldap_search manually, then the membership shows. Wireshark confirms that there is no attribute request present in the LDAP search packet.
Any help will be greatly appreciated!
Best regards,
Matvey Teplov
+31 62 705 12 73